Peter Zijlstra 894af4a1cd objtool: Validate kCFI calls ...

Validate that all indirect calls adhere to kCFI rules. Notably doing
nocfi indirect call to a cfi function is broken.

Apparently some Rust 'core' code violates this and explodes when ran
with FineIBT.

All the ANNOTATE_NOCFI_SYM sites are prime targets for attackers.

 - runtime EFI is especially henous because it also needs to disable
   IBT. Basically calling unknown code without CFI protection at
   runtime is a massice security issue.

 - Kexec image handover; if you can exploit this, you get to keep it :-)

Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
Acked-by: Sean Christopherson <seanjc@google.com>
Link: https://lkml.kernel.org/r/20250714103441.496787279@infradead.org

2025-08-18 14:23:09 +02:00

..

asm

lib/rbtree: enable userland test suite for rbtree related data structure

2025-03-17 12:17:00 -07:00

asm-generic

move asm/unaligned.h to linux/unaligned.h

2024-10-02 17:23:23 -04:00

generated

selftests: vDSO: don't include generated headers for chacha test

2024-09-13 17:28:36 +02:00

io_uring

selftests/net: Extract uring helpers to be reusable

2023-10-19 16:42:03 -06:00

linux

objtool: Validate kCFI calls

2025-08-18 14:23:09 +02:00

nolibc

tools/nolibc: define time_t in terms of __kernel_old_time_t

2025-07-13 16:58:34 +02:00

perf

KVM: selftests: aarch64: Update tools copy of arm_pmuv3.h

2023-12-12 09:46:22 +00:00

tools

tools include: add dis-asm-compat.h to handle version differences

2022-08-01 15:29:49 -03:00

trace/events

…

uapi

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

2025-07-30 17:14:01 -07:00

vdso

tools headers: Sync the linux/unaligned.h copy with the kernel sources

2025-05-20 12:57:18 -03:00